Pass-through Authentication

Edgar Kautzner shared this question 5 months ago
Answered

Hi,

I'm working with a client who would like to implement data source security as close to the data source as possible. E.g. they would ideally like for data to be filtered at the database level.

I came across the 'pass-through authentication' option in the data source settings and I'm keen to understand how this works and couldn't find anything in the wiki / forum about this specific configuration parameter.

Would I be correct that this needs to be used in conjunction with LDAP Authentication and enforces the data source to connect to the database as the user who is logged into Yellowfin?

Any information you can provide on the option above (and anything else relevant to what the client would like to achieve) would be much appreciated.

Thanks,

Edgar

Comments (8)

photo
1

Hi guys,

I just spoke to Rob and he's pretty sure that the 'pass-through authentication' uses a user's Yellowfin username and password to connect to the database specified in the data source connection.

One issue I can see with this is that this would require the Yellowfin password to be in synch with the SQL Server password - so if they change their Yellowfin password (and not the SQL Server password) the connection will not authenticate.

So a supplementary question to above - can this be used in conjunction with LDAP to avoid this happening? Given that Yellowfin doesn't store the password for LDAP users (what is entered into the password textbox upon login is passed through directly to the LDAP service), would this actually work?

Keen to hear your ideas around efficient ways to do this.

Cheers,

Edgar

photo
1

Hi Edgar,

Thanks for reaching out with your question. At the simplest explanation, Pass Through Authentication will send the username and password of a Yellowfin user to the data source as the authentication for reporting.

You are correct in stating that this password must be in sync with the target Data Source. If it is not, the authentication will fail.

I can confirm that in previous testing, this does work with an LDAP connection. Although Yellowfin does not store this password locally, it is able to pass this through to the target Data Source upon authentication.


Thanks,

Ryan

photo
1

Hi Edgar,

Sorry for the double post here. I wanted to let you know I've reviewed this and made some edits to my previous statement. Let me know if you have further questions.

Thanks,

Ryan

photo
1

Hi Ryan,

Many thanks for your response, that's very helpful.

Do you know if it works for both Windows and SQL Server authentication?

Cheers

Edgar

photo
1

Hi Ryan,

Just a follow-up to let you know that I did a test locally and was able to get pass-through authentication working locally with Windows authentication. I assume that it will also work when using LDAP auth in Yellowfin.

Cheers,

Edgar

photo
1

Hi Edgar,

Correct, in my previous testing with a quick POC setup of MySQL and an LDAP-created user within Yellowfin, Yellowfin did properly pass through the credentials to the source.

Do let me know how it goes or if you have further questions.

Thanks,

Ryan

photo
1

Hi Edgar,

I wanted to check in here and see how it's all going.

Thanks,

Ryan

photo
1

Hi Edgar,

It's been a while since I've heard back on this. I'm going to mark this as Answered. Don't hesitate to reach out with any further questions or issues.

Thanks,

Ryan